Low-Cost, Plug-and-Play Data Diodes for Protection and Monitoring of DoD Facility Equipment
Colin Dunn | Fend Incorporated
The research team at Fend Incorporated has developed a low-cost, plug-and-play data diode to provide the security of an air gap while increasing the accessibility and quantity of data available to managers across all Department of Defense (DoD) components. This ESTCP project will validate whether Fend’s approach can match the security of expensive, traditional data diodes and will demonstrate:
- Complete isolation of protected equipment
- Interoperability with various equipment types
- Ease of installation
- Data transmission to desired network location
- Uninterrupted equipment operation
- Cost performance
Managers of critical infrastructure benefit from the situational awareness provided by remote monitoring. This information leads to improved equipment performance and reduced unplanned downtime. However, this connectivity creates vulnerabilities to cyberattack. Recent attacks on US and international power grids and building systems highlight the need for improved security on the industrial internet of things. Relatively few manufacturers provide the majority of control systems, exacerbating the impact of a distributed cyberattack. Legacy systems often run outdated, unsupported operating systems and will never receive security patches. Firewalls and software-based security are vulnerable to compromise by hackers. Without a cost-effective security solution, much of this equipment is left disconnected from the network (“air-gapped”) and unmonitored.
Data diodes are security appliances that enable a physically enforced, one-way information stream about the state of this equipment. These devices use light as the medium to transmit data from one side to the other, physically isolating the equipment from lower-security networks. Data diodes are used today to protect the most critical of assets, like nuclear power plants, but at a cost often exceeding $100,000 per connection. On-site diode configuration adds to the cost and complexity of this technology.
Fend’s hardware is a low-cost device that provides the physically enforced one-way data transfers of data diodes while removing the need for extensive on-site configuration. On-board processors enable Fend’s hardware to communicate with protected equipment using common protocols and transmit this information to an on-site network or cloud service. Fend’s diode would serve the unmet needs of critical infrastructure managers across DoD by quickly enabling secure access to equipment data.
With Fend’s solution, the expected benefits of this project include the following:
- Compliance with cybersecurity requirements for handling facility-related data.
- Enhancement of energy analytics, demand management, and reporting capabilities.
- Reduction of time and cost associated with installing and connecting data points to existing systems.
- Improvement of the operational efficiency of facility managers and maintenance staff.